function checkCookies($uname, $cookiehash)
{
$ha = getCookies($uname);
if ($ha == $cookiehash) {
return true;
}
return false;
}
<?php
require_once '../init.php';
require_once '../pager.php';
require_once getCacheFilePath('folders.php');
require_once './../../' . ADMIN_DIR . '/language/language.php';
if (!isAdmin()) {
exit($_AL['all.notlogin']);
}
$curPage = intval($_GET["page"]);
$folderid = intval($_GET["folderid"]);
if ($folderid > 0) {
setCookies("lastfolderid", $folderid);
} else {
$folderid = intval(getCookies("lastfolderid"));
}
//preview
setCookies("lastfoldertype", 2);
$pagerlink = "files.php?page={page}&folderid={$folderid}";
$condition = "folderid={$folderid}";
$orderstr = "id desc";
$pager = new Pager();
$pager->init(10, $curPage, $pagerlink);
$attachements = $pager->queryRows($db, "attachments", $condition, "*", $orderstr);
foreach ($attachements as $key => $att) {
$att['shortfilename'] = htmlFilter(cutStr($att['filename'], 12));
$att['filename'] = htmlFilter($att['filename']);
$att['uploadtime'] = getDateStr($att['uploadtime']);
$attachements[$key] = $att;
}
$folderrow = $cache_folders[$folderid];
$timer_begin = getmicrotime();
$db = new db();
$db->connect($_DB);
$webcore = new WebCore();
//管理员登录信息
$lg['userid'] = intval(rSESSION('userid'));
$lg['isadmin'] = intval(rSESSION('isadmin'));
//会员登录信息
$lg['memberid'] = intval(rSESSION('memberid'));
$lg['groupid'] = intval(rSESSION('groupid'));
$lg['isadmin'] = intval(rSESSION('isadmin'));
$lg['membername'] = strFilter(rSESSION('membername'));
$lg['displayname'] = htmlFilter(rSESSION('membername'));
$lg['memberpass'] = strFilter(rSESSION('memberpass'));
$lg['memberauth'] = strFilter(rSESSION('memberauth'));
$lg['expire'] = intval(getCookies('expire'));
$islogin = isLogin();
if (empty($lg['membername']) || empty($lg['memberpass'])) {
$lg['memberid'] = 0;
$lg['groupid'] = 0;
} elseif (md5($lg['membername'] . $lg['memberpass'] . $cache_global['salt']) != $lg['memberauth']) {
//echo md5($lg['membername'].$lg['memberpass'].$cache_global['salt']);exit;
$lg['memberid'] = 0;
$lg['groupid'] = 0;
$lg['membername'] = '';
$lg['memberpass'] = '';
}
//var_dump($lg);exit;
if ($lg['memberid'] == 0 || $lg['groupid'] == 0) {
$lg['groupid'] = GROUP_GUESS;
//自动登录
}
succeedFlag($proid);
break;
case "changePronum":
$proid = intval($_GET["proid"]);
$pronum = intval($_GET["pronum"]);
$cartid = intval(getCookies("cartid"));
if (!empty($cartid)) {
$odt['pronum'] = $pronum;
$db->row_update("orderdetails", $odt, "proid={$proid} and cartid={$cartid} and langid={$_SYS['langid']}");
}
succeedFlag($proid);
break;
case "saveorder":
try {
$cartid = intval(getCookies("cartid"));
if (!empty($cartid)) {
$odts = $db->row_select("orderdetails", "cartid={$cartid} and langid={$_SYS['langid']}");
if (empty($odts)) {
exit($_SLANG['ajaxpublic.nopro']);
}
$ordertotal = 0;
foreach ($odts as $okey => $odt) {
$ordertotal += $odt['price'] * $odt['pronum'];
}
$order['memberid'] = $lg['memberid'];
$order['ordernum'] = GenOrderNum($lg, $cartid);
$order['name'] = cutStr(strFilter($_POST['name']), 30);
$order['phonenum'] = cutStr(strFilter($_POST['phonenum']), 30);
$order['email'] = cutStr(strFilter($_POST['email']), 30);
$order['address'] = cutStr(strFilter($_POST['address']), 100);
}
geoip_close($gi);
if ($data['statusCode'] == 'OK') {
$countryCode = $data['countryCode'];
setcookie("geoipCountry", $data['countryCode'], $cookiesTime);
setcookie("geoip", $ip, $cookiesTime);
// echo $data['countryCode'];
if (in_array($data['countryCode'], $blockedCounntries)) {
if (!whilteListIp($ip)) {
header('Location: ' . DEFAULT_URL . '/visitor.php');
}
}
}
} else {
if (in_array(getCookies('geoipCountry'), $blockedCounntries)) {
if (!whilteListIp(getCookies('geoip'))) {
header('Location: ' . DEFAULT_URL . '/visitor.php');
}
}
}
function whilteListIp($ipAddress)
{
$query = mysql_query("SELECT id FROM `whitelist_ips` WHERE trim(`ip_address`) = '{$ipAddress}'");
if (mysql_num_rows($query) <= 0) {
return false;
}
return true;
}
function getCookies($key)
{
return !empty($_COOKIE[$key]) ? $_COOKIE[$key] : null;
<?php
require_once 'inc/init.php';
$action = $_GET['action'];
switch ($action) {
case "buy":
$action = "buy";
break;
default:
$action = "view";
}
$cartid = getCookies("cartid");
if (!empty($cartid)) {
$odts = $db->row_select("orderdetails", "cartid={$cartid} and langid={$_SYS['langid']}");
foreach ($odts as $okey => $odt) {
$odt['proname'] = htmlFilter($odt['proname']);
$odt['displayprice'] = number_format($odt['price'], 2);
$odt['itemtotal'] = number_format($odt['price'] * $odt['pronum'], 2);
$ordertotal += $odt['price'] * $odt['pronum'];
$odt['prourl'] = "../product.php?id={$odt['proid']}";
$protmppic = $webcore->getPics($odt['picid'], $odt['picpath'], 0, true, true);
$odt['picpath'] = $protmppic['picpath'];
$odts[$okey] = $odt;
}
}
require_once './header.php';
require_once getTemplatePath('cart.htm');
footer();
}
if (!empty($voteitemid)) {
if (isIntArray($voteitemid) && count($voteitemid) <= $voterow['maxvotes']) {
//合法
} else {
$votetips = _LANG($_SLANG['vote.max2'], array($voterow['maxvotes']));
}
$rows = $db->row_select("voteitems", "voteid={$voteid}");
if ($voterow['level'] > 0) {
foreach ($rows as $row) {
if (stristr(",{$row['voteips']},", "," . getIP() . ",")) {
$votetips = $_SLANG['vote.voted'];
}
}
}
if ($voterow['level'] == 2 && intval(getCookies("vote{$voteid}")) == 1) {
$votetips = $_SLANG['vote.voted'];
}
//成功投票
if (empty($votetips)) {
foreach ($rows as $row) {
if (in_array($row['id'], $voteitemid)) {
$tip = getIP();
$db->query_unbuffered("update `{$db->pre}voteitems` set votednum=votednum+1, voteips=" . $db->concat("voteips", "'{$tip}'") . " where id={$row['id']}");
}
}
//写cookies
if ($voterow['level'] == 2) {
setCookies("vote{$voteid}", '1');
}
$totalrow = $db->row_query_one("SELECT SUM(votednum) as total FROM `{$db->pre}voteitems` WHERE voteid={$voteid} LIMIT 1");
function controller_login_index()
{
if (empty($_COOKIE['log']) && empty($_COOKIE['pa'])) {
view_login();
} else {
getCookies();
}
}
}
$file_size_limit = 20480;
$file_num_limit = 99999;
$file_types = '*';
$file_newnum = 20;
$today_uploaded = 1;
$enter = intval($_GET["enter"]);
$folderid = intval($_GET["folderid"]);
if (isset($_GET["folderid"])) {
setCookies("lastfolderid", $folderid);
} else {
$folderid = intval(getCookies("lastfolderid"));
}
$folderid = $folderid == 0 ? 1 : $folderid;
//list
$lastfoldertype = intval(getCookies("lastfoldertype"));
if ($enter == 0 && $lastfoldertype == 2) {
header("location:files.php?folderid={$folderid}");
exit;
}
setCookies("lastfoldertype", 1);
$types = explode(",", $file_types);
$file_types = "";
foreach ($types as $ext) {
if (!empty($ext)) {
$file_types .= "*.{$ext};";
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
if ($uselangid == $setlangid && $hide == 1) {
printRes("{$_AL['lang.ajax.off.failed']}<script>setTimeout(function(){reloadSelf('admin.php?inc=lang&action=list');},2000);</script>");
}
$langobj['ishidden'] = $hide;
$db->row_update("langs", $langobj, "id={$setlangid}");
writeLangsCache();
printRes("{$_AL['lang.ajax.set.succeed']}<script>reloadTop('admin.php?inc=lang&action=list');</script>");
//succeedFlag();
break;
case "dellang":
$setlangid = intval($_GET['setlangid']);
$row = $db->row_select_one("langs", "isdefault=1");
if ($row['id'] == $setlangid) {
exit($_AL['lang.ajax.deldef.failed']);
}
$uselangid = intval(getCookies('alangid'));
if ($uselangid == $setlangid) {
exit($_AL['lang.ajax.off.failed']);
}
$db->row_delete("langs", "id={$setlangid}");
$db->row_delete("favs", "langid={$setlangid}");
$db->row_delete("orderdetails", "langid={$setlangid}");
$db->row_delete("orders", "langid={$setlangid}");
$db->row_delete("articles", "langid={$setlangid}");
$db->row_delete("channels", "langid={$setlangid}");
$db->row_delete("contact", "langid={$setlangid}");
$db->row_delete("links", "langid={$setlangid}");
$db->row_delete("msgs", "langid={$setlangid}");
$db->row_delete("procates", "langid={$setlangid}");
$db->row_delete("products", "langid={$setlangid}");
$db->row_delete("settings", "langid={$setlangid}");
}
if (!isset($_POST["email"])) {
add_return_data(0, 5, "E-mail required");
}
$email = $_POST["email"];
if (!$email) {
add_return_data(0, 5, "E-mail required");
}
if (isset($_POST["contact"])) {
$contact = $_POST['contact'];
}
if (isset($_POST["role"]) && $_POST["role"]) {
$role = $_POST['role'];
}
$user = new User($uname);
if ($user->getuser()) {
add_return_data(0, 2, "User already exists");
}
$data = array("uname" => $uname, "password" => $password, "gender" => $gender, "fname" => $fname, "email" => $email, "contact" => $contact, "role" => $role);
$useId = $user->insert($data);
$cookies = array("uid" => $useId, "hash" => getCookies($useId));
$returndata["cookies"] = $cookies;
if ($useId) {
$picId = uploadPic("profilePic", $useId, "userFace");
if ($picId) {
if ($user->updateProfileImage($useId, $picId)) {
add_return_data(1, 1, "User successfully created");
}
}
add_return_data(1, 2, "User successfully created but picture cannot be added.");
}
<?php
$base = "../../";
require_once $base . "users.php";
$returndata = array();
//uname, password
if (!isset($_POST['uname']) || !isset($_POST['password'])) {
add_return_data(0, 2, "Both Username and Password need to be posted.");
} else {
$uname = $_POST['uname'];
$password = $_POST['password'];
$user = new User($uname);
if (!$user->checklogin($uname, $password)) {
//Username password incorrect send that json.
add_return_data(0, 3, "Incorrect username or password");
} else {
//Username and password is correct send json to say username password correct and send cookies
$userdata = $user->get_user_data();
$returndata["user"] = $userdata;
$cookies = array("uid" => $user->get_userid(), "hash" => getCookies($user->get_userid()));
$returndata["cookies"] = $cookies;
add_return_data(1, 1, "Logged In!");
}
}